auther 1.4.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 65a58c9e0dbe816215f33e5daa86064c83a06185
-  data.tar.gz: 276515d8c4cf3b4fcc96e6dd548400f362270d03
+  metadata.gz: 18370adb7c20520b5fe1a95290e6d0ebc387e26f
+  data.tar.gz: 83be7320485a4b859bd51ba040145baad8bfd597
 SHA512:
-  metadata.gz: f85b9b1dd51400d5a52aa18f006e9c06bc8a5f5c91e1757bda195c323e6df33e8b9709b6d3fbd0586a94466154b2e1be388960b9741ed765251b76262ace07ef
-  data.tar.gz: 4e8e0a69cb00fa91133f3c074517643c9affa4c6970edcc65609ec6d4e48e9540ab2055ea208640f8c54f0bfb2c4c4f0616a3e86087c2eb8c3f037301fe47814
+  metadata.gz: c83a3d37bebb80fe575e2961b4ba54c775cf2f9af45275d8f135417620b0e767255b85233ec542caf16d22f031c8b7491235d13dd6deccba1a47a8b5018ee94a
+  data.tar.gz: 2a0ed3ede21308c3870e038a4bdad28a8a041fe5777114b3f115996a1371b95da7a549f437b2bab9e88a5c984c0d85a25593b8f6c605ca4db1f221cd01a67311

checksums.yaml.gz.sig

@@ -1,2 +1 @@
-�{k=��&53����Ђǃ��5�
q^�<����}XyJ���#�F���:6��}��a�l���%i A��r�4�Kqs�
-�}��9s
++�MsVykGD�
1�&UE�\�x5�Nn���63ˋ	�X�~\fTD���{PuW�n%3w�dEߕm���Hk�i�*��55_1�jԧ�PD5r���3o �.y���3(�8���W?wKx������C��A

data/LICENSE.md

@@ -1,4 +1,4 @@
-Copyright (c) 2014 [Red Alchemist](http://www.redalchemist.com).
+Copyright (c) 2014 [Alchemists](http://www.alchemists.io).
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -2,9 +2,10 @@
 
 [![Gem Version](https://badge.fury.io/rb/auther.png)](http://badge.fury.io/rb/auther)
 [![Code Climate GPA](https://codeclimate.com/github/bkuhlmann/auther.png)](https://codeclimate.com/github/bkuhlmann/auther)
+[![Code Climate Coverage](https://codeclimate.com/github/bkuhlmann/auther/coverage.png)](https://codeclimate.com/github/bkuhlmann/auther)
 [![Gemnasium Status](https://gemnasium.com/bkuhlmann/auther.png)](https://gemnasium.com/bkuhlmann/auther)
 [![Travis CI Status](https://secure.travis-ci.org/bkuhlmann/auther.png)](http://travis-ci.org/bkuhlmann/auther)
-[![Coverage Status](https://coveralls.io/repos/bkuhlmann/auther/badge.png)](https://coveralls.io/r/bkuhlmann/auther)
+[![Gittip](http://img.shields.io/gittip/bkuhlmann.svg)](https://www.gittip.com/bkuhlmann)
 
 Provides simple, form-based authentication for apps that need security but don't want to deal with the clunky UI
 of HTTP Basic Authentication or something as heavyweight as [Devise](https://github.com/plataformatec/devise). It
@@ -22,9 +23,9 @@ making for a pleasent user experience.
 * Multiple account support with account specific blacklisted paths.
 * Auto-redirection to requested path (once credentials have been verified).
 * Log filtering for account credentials (login and password).
-* Customizable logger support.
 * Customizable view support.
 * Customizable controller support.
+* Customizable logger support.
 
 # Requirements
 
@@ -38,7 +39,7 @@ making for a pleasent user experience.
 
 For a secure install, type the following from the command line (recommended):
 
-    gem cert --add <(curl -Ls http://www.redalchemist.com/gem-public.pem)
+    gem cert --add <(curl -Ls http://www.alchemists.io/gem-public.pem)
     gem install auther --trust-policy MediumSecurity
 
 NOTE: A HighSecurity trust policy would be best but MediumSecurity enables signed gem verification while
@@ -52,79 +53,106 @@ Add the following to your Gemfile:
 
     gem "auther"
 
-Edit your routes.rb as follows:
+Run the generator to configure and initialize your application:
 
-    Rails.application.routes.draw do
-      mount Auther::Engine => "/auther"
-      get "/login", to: "auther/session#new"
-    end
+    bin/rails generate auther:install
+
+# Usage
+
+Using the setup examples, from above, launch your Rails application and visit either of the following routes:
+
+    http://localhost:3000/login
+    http://localhost:3000/admin/example # Assumes this route exists. Will redirect to /login if not authorized.
+
+Use the following credentials to login:
+
+* Login: test@test.com
+* Password: password
+
+To encrypt/decrypt account credentials, launch a rails console and type the following:
 
-Add a config/initializers/auther.rb to your application with the following content:
+    # Best if more than 150 characters and gibberish to read. Must be the same as defined in auther settings.
+    cipher = Auther::Cipher.new "vuKrwD9XWoYuv@s99?tR(9VqryiL,KV{W7wFnejUa4QcVBP+D{2rD4JfuD(mXgA=$tNK4Pfn#NeGs3o3TZ3CqNc^Qb"
+
+    # Do this to encrypt an unecrypted value.
+    cipher.encrypt "test@test.com"
+
+    # Do this to decrypt an encrypted value.
+    cipher.decrypt "N3JzR213WlBISDZsMjJQNkRXbEVmYVczbVdnMHRYVHRud29lOWRCekp6ST0tLWpFMkROekUvWDBkOHZ4ZngxZHV6clE9PQ==--cd863c39991fa4bb9a35de918aa16da54514e331"
+
+# Customization
+
+## Initializer
+
+The initializer (installed during setup) can be found here:
+
+    config/initializers/auther.rb
+
+The initializer comes installed with the following settings:
 
     Rails.application.config.auther_settings = {
       secret: "vuKrwD9XWoYuv@s99?tR(9VqryiL,KV{W7wFnejUa4QcVBP+D{2rD4JfuD(mXgA=$tNK4Pfn#NeGs3o3TZ3CqNc^Qb",
       accounts: [
         name: "admin",
-        login: "N3JzR213WlBISDZsMjJQNkRXbEVmYVczbVdnMHRYVHRud29lOWRCekp6ST0tLWpFMkROekUvWDBkOHZ4ZngxZHV6clE9PQ==--cd863c39991fa4bb9a35de918aa16da54514e331",
-        password: "cHhFSStjRm9KbEYwK3ZJVlF2MmpTTWVVZU5acEdlejZsZEhjWFJoQWxKND0tLTE3cmpXZVBQdW5VUW1jK0ZSSDdLUnc9PQ==--f51171174fa77055540420f205e0dd9d499cfeb6",
+        encrypted_login: "N3JzR213WlBISDZsMjJQNkRXbEVmYVczbVdnMHRYVHRud29lOWRCekp6ST0tLWpFMkROekUvWDBkOHZ4ZngxZHV6clE9PQ==--cd863c39991fa4bb9a35de918aa16da54514e331",
+        encrypted_password: "cHhFSStjRm9KbEYwK3ZJVlF2MmpTTWVVZU5acEdlejZsZEhjWFJoQWxKND0tLTE3cmpXZVBQdW5VUW1jK0ZSSDdLUnc9PQ==--f51171174fa77055540420f205e0dd9d499cfeb6",
         paths: ["/admin"]
-      ],
-      auth_url: "/login"
+      ]
     }
 
-The purpose of each setting is as follows:
+The initializer can be customized as follows:
 
 * *title* - Optional. The HTML page title (as rendered within a browser tab). Default: "Authorization".
 * *label* - Optional. The page label (what would appear above the form). Default: "Authorization".
 * *secret* - Required. The secret passphrase used to encrypt/decrypt account credentials.
 * *accounts* - Required. The array of accounts with different or similar access to the application.
     * *name* - Required. The account name. The name that uniquely identifies each account.
-    * *login* - Required. The encrypted account login. For example, the above decrypts to: *test@test.com*.
-    * *password* - Required. The encrypted account password. For example, the above decrypts to: *password*.
+    * *encrypted_login* - Required. The encrypted account login. For example, the above decrypts to: *test@test.com*.
+    * *encrypted_password* - Required. The encrypted account password. For example, the above decrypts to: *password*.
     * *paths* - Required. The array of blacklisted paths for which only this account has access to.
-    * *success_url* - Optional. The URL to redirect to upon successful authorization. Success redirection works
+    * *authorized_url* - Optional. The URL to redirect to upon successful authorization. Authorized redirection works
       as follows (in the order defined):
-          0. The blacklisted path (if requested prior to authorization but now authorized).
-          0. The success URL (if defined and the blacklisted path wasn't requested).
-          0. The root path (if none of the above).
-* *auth_url* - Required. The URL to redirect to when enforcing authentication to a blacklisted path.
+        0. The blacklisted path (if requested prior to authorization but now authorized).
+        0. The authorized URL (if defined and the blacklisted path wasn't requested).
+        0. The root path (if none of the above).
+    * *deauthorized_url* - Optional. The URL to redirect to upon successful deauthorization (i.e. logout). Deauthorized
+      redirections works as follows (in the order defined):
+        0. The deauthorized URL (if defined).
+        0. The auth URL.
+* *auth_url* - Optional. The URL to redirect to when enforcing authentication. Default: “/login”.
 * *logger* - Optional. The logger used to log path/account authorization messages. Default: Auther::NullLogger.
 
-# Usage
-
-Using the setup examples, from above, launch your Rails application and visit either of the following routes:
-
-    http://localhost:3000/login
-    http://localhost:3000/admin # Will redirect to /login if not authorized.
+## Routes
 
-To encrypt/decrypt account credentials, launch a rails console and type the following:
+The routes can be customized as follows (installed, by default, via the install generator):
 
-    # Best if more than 150 characters and gibberish to read. Must be the same as defined in auther settings.
-    cipher = Auther::Cipher.new "vuKrwD9XWoYuv@s99?tR(9VqryiL,KV{W7wFnejUa4QcVBP+D{2rD4JfuD(mXgA=$tNK4Pfn#NeGs3o3TZ3CqNc^Qb"
-
-    # Do this to encrypt an unecrypted value.
-    cipher.encrypt "test@test.com"
+    Rails.application.routes.draw do
+      mount Auther::Engine => "/auther"
+      get "/login", to: "auther/session#new", as: "login"
+      delete "/logout", to: "auther/session#destroy", as: "logout"
+    end
 
-    # Do this to decrypt an encrypted value.
-    cipher.decrypt "N3JzR213WlBISDZsMjJQNkRXbEVmYVczbVdnMHRYVHRud29lOWRCekp6ST0tLWpFMkROekUvWDBkOHZ4ZngxZHV6clE9PQ==--cd863c39991fa4bb9a35de918aa16da54514e331"
+## Model
 
-# Customization
+The [Auther::Account](app/models/auther/account.rb) is a plain old Ruby object that uses ActiveModel validations to aid
+in attribute validation. This model could potentially be replaced with a database-backed object (would require
+controller customization)...but you might want to question if you have outgrown the use of this gem and need a different
+solution altogether if it comes to that.
 
-## Model
+## Presenter
 
-The [Auther::Account](app/models/auther/account.rb) is a plain old Ruby object that uses ActiveRecord validations
-to aid in form/credential validation. This model could potentially be replaced with a database-backed object
-(would require controller customization)...but you might want to question if you have outgrown the use of this
-gem and need a different solution altogether if it comes to that.
+The [Auther::Presenter::Account](app/presenters/auther/account.rb) is a plain old Ruby object that uses ActiveModel
+validations to aid in form validation. This presenter makes it easy to construct form data for input and validation.
 
-## Views
+## View
 
 The view can be customized by creating the following file within your Rails application (assumes that the
 default Auther::SessionController implementation is sufficient):
 
     app/views/auther/session/new.html
 
-The form can be stylized by attaching new styles to the .authorization class (see
+The form uses `@account_presenter` instance variable which is an instance of the Auther::Presenter::Account presenter
+(as mentioned above). The form can be stylized by attaching new styles to the .authorization class (see
 [auther.scss](app/assets/stylesheets/auther/auther.scss) for details).
 
 ## Controller
@@ -141,23 +169,21 @@ you add a controller to your app that inherits from the Auther::BaseController.
 This allows complete customization of session controller behavior to serve any special business needs. See the
 Auther::BaseController for additional details or the Auther::SessionController for default implementation.
 
-## Routes
-
-As mentioned in the setup above, the routes can be customized as follows:
-
-    Rails.application.routes.draw do
-      mount Auther::Engine => "/auther"
-      get "/login", to: "auther/session#new"
-      delete "/logout", to: "auther/session#destroy"
-    end
-
 ## Logging
 
 As mentioned in the setup above, the logger can be customized as follows:
 
     Auther::NullLogger.new # This is the default logger (which is no logging at all).
     ActiveSupport::Logger.new("log/#{Rails.env}.log") # Can be used to log to the environment log.
-    Logger.new($stdout) # Can be used to log to standard output.
+    Logger.new(STDOUT) # Can be used to log to standard output.
+
+When logging is enabled, you'll be able to see the following information in the server logs to help debug custom
+Auther settings:
+
+* Requested path and blacklist path detection.
+* Finding (or not finding) of account.
+* Account authentication pass/fail.
+* Account and path authorization pass/fail.
 
 # Tests
 
@@ -167,10 +193,18 @@ To test, do the following:
 0. bundle install
 0. bundle exec rspec spec
 
+# Troubleshooting
+
+* If upgrading Rails, changing the cookie/session settings, generating a new secret base key, etc. this might
+  cause Auther authentication to fail. Make sure to clear your browser cookies in this situation or use Google
+  Chrome (incognito mode) to verify.
+
 # Resources
 
 * [Simplest Auth](https://github.com/vigetlabs/simplest_auth) - For situations where you need user and email reset
   support beyond what this engine can provide.
+* [Devise](https://github.com/plataformatec/devise) - For complex situations where you need persisted user objects,
+  email support, social media support, and much more.
 
 # Contributions
 
@@ -178,11 +212,11 @@ Read CONTRIBUTING for details.
 
 # Credits
 
-Developed by [Brooke Kuhlmann](http://www.redalchemist.com) at [Red Alchemist](http://www.redalchemist.com).
+Developed by [Brooke Kuhlmann](http://www.alchemists.io) at [Alchemists](http://www.alchemists.io).
 
 # License
 
-Copyright (c) 2014 [Red Alchemist](http://www.redalchemist.com).
+Copyright (c) 2014 [Alchemists](http://www.alchemists.io).
 Read the LICENSE for details.
 
 # History

data/app/controllers/auther/base_controller.rb

@@ -1,57 +1,49 @@
 module Auther
   class BaseController < ActionController::Base
     def show
-      redirect_to settings[:auth_url]
+      redirect_to settings.auth_url
     end
 
     def new
-      @account = Auther::Account.new
+      @account_presenter = Auther::Presenter::Account.new
     end
 
     def create
-      if account.valid?
-        store_credentials
-        redirect_to redirect_url
+      @account_presenter = Auther::Presenter::Account.new params[:account]
+      account_model = Auther::Account.new settings.find_account(@account_presenter.name)
+      authenticator = Auther::Authenticator.new settings.secret, account_model, @account_presenter
+
+      if authenticator.authenticated?
+        store_credentials account_model
+        redirect_to authorized_url(account_model)
       else
-        remove_credentials account.name
+        remove_credentials account_model
         render template: new_template_path
       end
     end
 
     def destroy
-      remove_credentials params[:name]
-      redirect_to settings[:auth_url]
+      account_model = Auther::Account.new settings.find_account(params[:name])
+      remove_credentials account_model
+      redirect_to deauthorized_url(account_model)
     end
 
     private
 
-    def load_title
-      @title = settings.fetch :title, "Authorization"
-    end
-
-    def load_label
-      @label = settings.fetch :label, "Authorization"
-    end
-
     def settings
-      Rails.application.config.auther_settings
+      Auther::Settings.new Rails.application.config.auther_settings
     end
 
-    def account
-      account_params = params.fetch :account
-      account_settings = find_account account_params.fetch(:name)
+    def load_title
+      @title = settings.title
+    end
 
-      @account ||= Auther::Account.new name: account_params.fetch(:name),
-        login: account_params.fetch(:login),
-        secure_login: account_settings.fetch(:login),
-        password: account_params.fetch(:password),
-        secure_password: account_settings.fetch(:password),
-        secret: settings.fetch(:secret),
-        success_url: account_settings.fetch(:success_url, nil)
+    def load_label
+      @label = settings.label
     end
 
-    def name_options
-      @name_options = settings.fetch(:accounts).map do |account|
+    def load_account_options
+      @account_options = settings.accounts.map do |account|
         name = account.fetch :name
         [name.capitalize, name]
       end
@@ -61,22 +53,22 @@ module Auther
       raise NotImplementedError, "The method, #new_template_path, is not implemented."
     end
 
-    def redirect_url
-      session["auther_redirect_url"] || account.success_url || '/'
+    def authorized_url account_model
+      session["auther_redirect_url"] || account_model.authorized_url || '/'
     end
 
-    def find_account name
-      settings.fetch(:accounts).select { |account| account.fetch(:name) == name }.first
+    def deauthorized_url account_model
+      account_model.deauthorized_url || settings.auth_url
     end
 
-    def store_credentials
-      keymaster = Auther::Keymaster.new account.name
-      session[keymaster.login_key] = account.secure_login
-      session[keymaster.password_key] = account.secure_password
+    def store_credentials account_model
+      keymaster = Auther::Keymaster.new account_model.name
+      session[keymaster.login_key] = account_model.encrypted_login
+      session[keymaster.password_key] = account_model.encrypted_password
     end
 
-    def remove_credentials name
-      keymaster = Auther::Keymaster.new name
+    def remove_credentials account_model
+      keymaster = Auther::Keymaster.new account_model.name
       session.delete keymaster.login_key
       session.delete keymaster.password_key
     end

data/app/controllers/auther/session_controller.rb

@@ -1,7 +1,7 @@
 class Auther::SessionController < Auther::BaseController
   layout "auther/auth"
   before_filter :load_title, :load_label
-  before_filter :name_options, only: [:new, :create]
+  before_filter :load_account_options, only: [:new, :create]
 
   private
 

data/app/models/auther/account.rb

@@ -1,59 +1,21 @@
+require "active_model"
+
 module Auther
   class Account
     include ActiveModel::Validations
 
-    attr_accessor :name, :login, :secure_login, :password, :secure_password, :paths, :success_url
+    attr_accessor :name, :encrypted_login, :encrypted_password, :paths, :authorized_url, :deauthorized_url
 
-    validates :name, presence: true
+    validates :name, :encrypted_login, :encrypted_password, presence: true
     validates :paths, presence: {unless: lambda { |account| account.paths.is_a? Array }, message: "must be an array"}
 
     def initialize options = {}
       @name = options.fetch :name, nil
-      @login = options.fetch :login, nil
-      @secure_login = options.fetch :secure_login, nil
-      @password = options.fetch :password, nil
-      @secure_password = options.fetch :secure_password, nil
+      @encrypted_login = options.fetch :encrypted_login, nil
+      @encrypted_password = options.fetch :encrypted_password, nil
       @paths = options.fetch :paths, []
-      @secret = options.fetch :secret, nil
-      @success_url = options.fetch :success_url, nil
-    end
-
-    def valid?
-      super && authorized_login? && authorized_password?
-    end
-
-    def invalid?
-      !valid?
-    end
-
-    private
-
-    def secret
-      @secret
-    end
-
-    def decrypt attribute
-      if attribute.present? && secret.present?
-        cipher = Auther::Cipher.new secret
-        cipher.decrypt attribute
-      end
-    end
-
-    def authorized? attribute, secure_attribute, error_name
-      if attribute == decrypt(secure_attribute)
-        true
-      else
-        errors.add error_name, "is invalid"
-        false
-      end
-    end
-
-    def authorized_login?
-      authorized? login, secure_login, "login"
-    end
-
-    def authorized_password?
-      authorized? password, secure_password, "password"
+      @authorized_url = options.fetch :authorized_url, nil
+      @deauthorized_url = options.fetch :deauthorized_url, nil
     end
   end
 end

data/app/presenters/auther/account.rb

@@ -0,0 +1,19 @@
+require "active_model"
+
+module Auther
+  module Presenter
+    class Account
+      include ActiveModel::Validations
+
+      attr_accessor :name, :login, :password
+
+      validates :name, :login, :password, presence: true
+
+      def initialize options = {}
+        @name = options[:name]
+        @login = options[:login]
+        @password = options[:password]
+      end
+    end
+  end
+end

data/app/views/auther/session/new.html.slim

@@ -1,12 +1,12 @@
 - content_for(:title) { @title }
 
-- error_keys = @account.errors.keys
+- error_keys = @account_presenter.errors.keys
 - login_error = error_keys.include?(:login)
 - password_error = error_keys.include?(:password)
 - name_error = error_keys.include?(:name)
 
 .authorization
-  = form_for @account, as: :account, url: "/auther/session" do |form|
+  = form_for @account_presenter, as: :account, url: "/auther/session" do |form|
     .small-12
       .row
         h1.authorization-label = @label
@@ -18,7 +18,7 @@
               = form.label :login, "Login:", class: "inline right"
             = content_tag :div, class: render_foundation_error(login_error, classes: %w(small-6 columns))
               = form.text_field :login
-              = content_tag(:small, @account.errors.full_messages.first, class: "error") if login_error
+              = content_tag(:small, @account_presenter.errors.full_messages.first, class: "error") if login_error
       .row
         .small-8
           .row
@@ -26,7 +26,7 @@
               = form.label :password, "Password:", class: "inline right"
             = content_tag :div, class: render_foundation_error(password_error, classes: %w(small-6 columns))
               = form.password_field :password
-              = content_tag(:small, @account.errors.full_messages.first, class: "error") if password_error
+              = content_tag(:small, @account_presenter.errors.full_messages.first, class: "error") if password_error
 
       .row
         .small-8
@@ -34,7 +34,7 @@
             .small-6.columns
               = form.label :name, "Account:", class: "inline right"
             .small-6.columns
-              = form.select :name, @name_options
+              = form.select :name, @account_options
 
       .row
         .small-8

data/lib/auther.rb

@@ -1,6 +1,9 @@
 require "slim-rails"
+require "auther/version"
+require "auther/settings"
 require "auther/null_logger"
 require "auther/cipher"
+require "auther/authenticator"
 require "auther/keymaster"
 require "auther/gatekeeper"
 require "auther/engine"

data/lib/auther/authenticator.rb

@@ -0,0 +1,56 @@
+module Auther
+  class Authenticator
+
+    attr_reader :logger
+
+    def initialize secret, account_model, account_presenter, logger = Auther::NullLogger.new(STDOUT)
+      @cipher = Auther::Cipher.new secret
+      @account_model = account_model
+      @account_presenter = account_presenter
+      @logger = logger
+    end
+
+    def authenticated?
+      account_model.valid? &&
+      account_presenter.valid? &&
+      authentic_name? &&
+      authentic_login? &&
+      authentic_password?
+    end
+
+    private
+
+    attr_reader :cipher, :account_model, :account_presenter
+
+    def log_info message
+      id = "[#{Auther::Keymaster.namespace}]"
+      logger.info [id, message].join(": ")
+    end
+
+    def authentic? encrypted_value, value, error_name
+      begin
+        if cipher.decrypt(encrypted_value) == value
+          true
+        else
+          account_presenter.errors.add error_name, "is invalid"
+          false
+        end
+      rescue ActiveSupport::MessageVerifier::InvalidSignature => error
+        log_info %(Authentication failed! Invalid credential(s) for "#{account_model.name}" account.)
+        false
+      end
+    end
+
+    def authentic_name?
+      account_presenter.name == account_model.name
+    end
+
+    def authentic_login?
+      authentic? account_model.encrypted_login, account_presenter.login, "login"
+    end
+
+    def authentic_password?
+      authentic? account_model.encrypted_password, account_presenter.password, "password"
+    end
+  end
+end

data/lib/auther/engine.rb

@@ -5,6 +5,13 @@ module Auther
     # Set defaults. Can be overwritten in app config.
     config.auther_settings = {}
 
+    # Autoload presenters
+    config.to_prepare do
+      Dir.glob(Engine.root + "app/presenters/**/*.rb").each do |presenter|
+        require_dependency presenter
+      end
+    end
+
     initializer "auther.initialize" do |app|
       asset_paths = app.config.assets.paths
 

data/lib/auther/gatekeeper.rb

@@ -1,11 +1,12 @@
 module Auther
   class Gatekeeper
-    attr_reader :application, :environment, :settings, :logger
+    attr_reader :application, :environment, :settings
 
-    def initialize application, settings = []
+    delegate :logger, to: :settings
+
+    def initialize application, settings = {}
       @application = application
-      @settings = settings
-      @logger = @settings.fetch :logger, Auther::NullLogger.new(STDOUT)
+      @settings = Auther::Settings.new settings
     end
 
     def call environment
@@ -16,7 +17,7 @@ module Auther
       else
         session[Auther::Keymaster.redirect_url_key] = request.path
         denied_response = response
-        denied_response.redirect settings[:auth_url]
+        denied_response.redirect settings.auth_url
         denied_response.finish
       end
     end
@@ -62,7 +63,7 @@ module Auther
     def find_account
       session["auther_init"] = true # Force session to initialize.
       account_name = Auther::Keymaster.get_account_name session
-      account = settings.fetch(:accounts).detect { |account| account.fetch(:name) == account_name }
+      account = settings.find_account account_name
 
       account ? log_info("Account found.") : log_info("Account unknown.")
       account
@@ -84,13 +85,13 @@ module Auther
 
     def authenticated? account
       keymaster = Auther::Keymaster.new account.fetch(:name)
-      cipher = Auther::Cipher.new settings.fetch(:secret)
+      cipher = Auther::Cipher.new settings.secret
 
       begin
         session_login = cipher.decrypt session[keymaster.login_key]
         session_password = cipher.decrypt session[keymaster.password_key]
-        account_login = cipher.decrypt account.fetch(:login)
-        account_password = cipher.decrypt account.fetch(:password)
+        account_login = cipher.decrypt account.fetch(:encrypted_login)
+        account_password = cipher.decrypt account.fetch(:encrypted_password)
 
         authenticated = session_login == account_login && session_password == account_password
         log_authentication authenticated, account.fetch(:name)
@@ -110,8 +111,8 @@ module Auther
     end
 
     def authorized? path
-      accounts = settings.fetch :accounts
-      all_blacklisted_paths = blacklisted_paths settings.fetch(:accounts)
+      accounts = settings.accounts
+      all_blacklisted_paths = blacklisted_paths settings.accounts
 
       if blacklisted_matched_paths(accounts, path).any?
         log_info %(Requested path "#{request.path}" found in blacklisted paths: #{all_blacklisted_paths}.)

data/lib/auther/settings.rb

@@ -0,0 +1,18 @@
+module Auther
+  class Settings
+    attr_reader :title, :label, :secret, :accounts, :auth_url, :logger
+
+    def initialize options = {}
+      @title = options.fetch :title, "Authorization"
+      @label = options.fetch :title, "Authorization"
+      @secret = options.fetch :secret, nil
+      @accounts = options.fetch :accounts, []
+      @auth_url = options.fetch :auth_url, "/login"
+      @logger = options.fetch :logger, Auther::NullLogger.new(STDOUT)
+    end
+
+    def find_account name
+      accounts.detect { |account| account.fetch(:name) == name }
+    end
+  end
+end

data/lib/auther/version.rb

@@ -1,3 +1,3 @@
 module Auther
-  VERSION = "1.4.0"
+  VERSION = "2.0.0"
 end

data/lib/generators/auther/install/install_generator.rb

@@ -0,0 +1,23 @@
+module Auther
+  class InstallGenerator < ::Rails::Generators::Base
+    source_root File.join(File.dirname(__FILE__), "..", "templates")
+
+    desc "Installs Auther settings and routes."
+    def install
+      install_initializer
+      add_routes
+    end
+
+    private
+
+    def install_initializer
+      template File.join("config", "initializers", "auther.rb"), File.join("config", "initializers", "auther.rb")
+    end
+
+    def add_routes
+      route %(delete "/logout", to: "auther/session#destroy", as: "logout")
+      route %(get "/login", to: "auther/session#new", as: "login")
+      route %(mount Auther::Engine => "/auther")
+    end
+  end
+end

data/lib/generators/auther/templates/config/initializers/auther.rb

@@ -0,0 +1,9 @@
+Rails.application.config.auther_settings = {
+  secret: "vuKrwD9XWoYuv@s99?tR(9VqryiL,KV{W7wFnejUa4QcVBP+D{2rD4JfuD(mXgA=$tNK4Pfn#NeGs3o3TZ3CqNc^Qb",
+  accounts: [
+    name: "admin",
+    encrypted_login: "N3JzR213WlBISDZsMjJQNkRXbEVmYVczbVdnMHRYVHRud29lOWRCekp6ST0tLWpFMkROekUvWDBkOHZ4ZngxZHV6clE9PQ==--cd863c39991fa4bb9a35de918aa16da54514e331",
+    encrypted_password: "cHhFSStjRm9KbEYwK3ZJVlF2MmpTTWVVZU5acEdlejZsZEhjWFJoQWxKND0tLTE3cmpXZVBQdW5VUW1jK0ZSSDdLUnc9PQ==--f51171174fa77055540420f205e0dd9d499cfeb6",
+    paths: ["/admin"]
+  ]
+}

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: auther
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Brooke Kuhlmann
@@ -30,7 +30,7 @@ cert_chain:
   SJpzzzZ8gO6BKn4fhd+ENNQ333Qy3nuNk07TVIaNnlgeHhowUDuD9T7Z8Lka0pt3
   4PteiTppsf0SSVAM9zSO5IuFngXMRwWgvjOfXE70f43RDuUVTCSyylc=
   -----END CERTIFICATE-----
-date: 2014-05-29 00:00:00.000000000 Z
+date: 2014-06-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pry-byebug
@@ -160,6 +160,20 @@ dependencies:
         version: '10.0'
 - !ruby/object:Gem::Dependency
   name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.12
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.12
+- !ruby/object:Gem::Dependency
+  name: pry-remote
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -173,7 +187,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: pry-remote
+  name: pry-rescue
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -187,7 +201,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: pry-rescue
+  name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -201,7 +215,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec-rails
+  name: ammeter
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -243,7 +257,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: coveralls
+  name: codeclimate-test-reporter
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -276,17 +290,22 @@ files:
 - app/controllers/auther/session_controller.rb
 - app/helpers/auther/foundation_helper.rb
 - app/models/auther/account.rb
+- app/presenters/auther/account.rb
 - app/views/auther/session/new.html.slim
 - app/views/layouts/auther/auth.html.slim
 - bin/rails
 - config/routes.rb
 - lib/auther.rb
+- lib/auther/authenticator.rb
 - lib/auther/cipher.rb
 - lib/auther/engine.rb
 - lib/auther/gatekeeper.rb
 - lib/auther/keymaster.rb
 - lib/auther/null_logger.rb
+- lib/auther/settings.rb
 - lib/auther/version.rb
+- lib/generators/auther/install/install_generator.rb
+- lib/generators/auther/templates/config/initializers/auther.rb
 homepage: https://github.com/bkuhlmann/auther
 licenses:
 - MIT
@@ -307,7 +326,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.3.0
 signing_key: 
 specification_version: 4
 summary: Enhances Rails with multi-account, form-based, database-less, application-wide